Security System for Industrial Control Infrastructure using Dynamic Signatures

US 20160357177A1
Filed: 06/02/2015
Published: 12/08/2016
Est. Priority Date: 06/02/2015
Status: Active Grant

First Claim

Patent Images

1. An industrial control system comprising multiple inter-communicating industrial control devices coordinated according to a control program, the industrial control system comprising:

(1) multiple control devices each providing;

(a) a device network poll for communicating with other elements of the industrial control system;

(b) electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;

(c) a control device processor communicating with the device network port and electrical connectors;

(d) a device electronic memory system accessible by the control device processor and holding;

operating software describing operation of control device, a data table holding representations of the electrical signals of the electrical connectors, a diagnostic program providing outputs monitoring the operation of the control device;

the data table and the outputs of the diagnostic program together defining a dynamic device state wherein the operating software is executable by the control device processor to;

(i) read at least a portion of the dynamic device state to generate a dynamic signature;

(ii) encrypt the dynamic signature; and

(iii) transmit the dynamic signature over the network port; and

(2) a security controller providing;

(a) a controller network port for communicating with other elements of the industrial control system;

(b) a security controller processor communicating with the controller network port; and

(c) a controller electronic memory system accessible by the security controller processor and holding;

a security program;

wherein the security program is executable by the security controller processor to;

(i) receive a dynamic signature from a given control device through the network port and decrypt the dynamic signature;

(ii) analyze the dynamic signature against rules establishing a multi-value range of acceptable dynamic signature values; and

(iii) provide an output indicating whether the received dynamic signature is outside the multi-value range of acceptable dynamic signature values.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial control system hardened against malicious activity monitors highly dynamic control data to develop a dynamic thumbprint that can be evaluated to detect deviations from normal behavior of a type that suggest tampering or other attacks. Evaluation of the dynamic thumbprint may employ a set of ranges defining normal operation and reflecting known patterns of interrelationship between dynamic variables.

Citations

20 Claims

1. An industrial control system comprising multiple inter-communicating industrial control devices coordinated according to a control program, the industrial control system comprising:
- (1) multiple control devices each providing;
  
  (a) a device network poll for communicating with other elements of the industrial control system;
  
  (b) electrical connectors for accepting electrical conductors communicating with industrial equipment to receive or transmit electrical signals from or to that industrial equipment for the control of an industrial process;
  
  (c) a control device processor communicating with the device network port and electrical connectors;
  
  (d) a device electronic memory system accessible by the control device processor and holding;
  
  operating software describing operation of control device, a data table holding representations of the electrical signals of the electrical connectors, a diagnostic program providing outputs monitoring the operation of the control device;
  
  the data table and the outputs of the diagnostic program together defining a dynamic device state wherein the operating software is executable by the control device processor to;
  
  (i) read at least a portion of the dynamic device state to generate a dynamic signature;
  
  (ii) encrypt the dynamic signature; and
  
  (iii) transmit the dynamic signature over the network port; and
  
  (2) a security controller providing;
  
  (a) a controller network port for communicating with other elements of the industrial control system;
  
  (b) a security controller processor communicating with the controller network port; and
  
  (c) a controller electronic memory system accessible by the security controller processor and holding;
  
  a security program;
  
  wherein the security program is executable by the security controller processor to;
  
  (i) receive a dynamic signature from a given control device through the network port and decrypt the dynamic signature;
  
  (ii) analyze the dynamic signature against rules establishing a multi-value range of acceptable dynamic signature values; and
  
  (iii) provide an output indicating whether the received dynamic signature is outside the multi-value range of acceptable dynamic signature values.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The industrial control system of claim 1 wherein the portion of the dynamic device state includes data indicating electrical signals of the electrical connectors.
  - 3. The industrial control system of claim 1 wherein the security program executes to receive dynamic signatures from a multiple of given control devices through the network port and analyze the dynamic signatures against integrated rules relating to the combined dynamic signatures and establishing a multi-value range of acceptable dynamic signature values
  - 4. The industrial control system of claim 1 wherein the dynamic signature includes multiple time varying quantities and wherein the rules establish multi-value ranges for each quantity.
  - 5. The industrial control system of claim 4 wherein the multi-value ranges vary as a function of other varying quantities.
  - 6. Industrial control system of claim 5 wherein the multi-value ranges vary as a function of a random value.
  - 7. The industrial control system of claim 5 wherein the rules are applied by a supervised machine learning system trained with dynamic signatures from a properly operating industrial control system.
  - 8. The industrial control system of claim 5 wherein the properly operating industrial control system is determined at least in part by historical operation of the industrial control system.
  - 9. The industrial control system of claim 1 wherein the dynamic device state includes at least one of a timestamp, a digital signature, a device identification number, and a changing random code.
  - 10. The industrial control system of claim 1 wherein the device electronic memory system holds a diagnostic program monitoring operation of the control device and wherein the dynamic signature includes outputs from the diagnostic program.
  - 11. The industrial, control system of claim 10 wherein the operation of the control device is selected from the group consisting of CPU utilization, free memory, and stack depth.
  - 12. The industrial control system of claim 1 wherein rules are at least in part a function of calendar data indicating schedule changes in the industrial control system.
  - 13. The industrial control system of claim 10 wherein the operation of the control device is selected from the group consisting of:
    - port traffic over a predetermined interval and change in average port traffic.
  - 14. The industrial control system of claim 1 wherein the device electronic memory system holds a transaction log recording individual access to the control device programs or settings and the diagnostic program analyzes the operating log for at least one of a pattern of access to settings of the control.
  - 15. The industrial control system of claim 1 wherein the dynamic signature includes an operating mode of the control device selected from a run state indicating that the control device is running to execute a control program and a programming state indicating that the control device is being programmed with respect to a control program.
  - 16. The industrial control system of claim 1 wherein a first control device produces a first dynamic signature and a second control device receives the first dynamic signature and produces a second dynamic signature based on a dynamic device state of the second control device and the first dynamic signature and transmits the second dynamic signature over a network port of the second control device.
  - 17. The industrial control system of claim 16 wherein the second dynamic signature provides a lossy compression of the first dynamic signature.
  - 18. The industrial control device of claim 1 wherein the operating software provides programming for operating the control device as at least one of an input module providing interface for communication from two-state electrical sensors providing a digital input, an input module providing interface for communications from sensors providing an analog signal, an output module providing an interface for communication to two-state actuators, and a motor drive for synthesizing voltage waveforms for controlling a motor.

19. A method of establishing security in an industrial control system comprising multiple inter-communicating industrial control devices coordinated according to a control program, the method including:
- (1) at each control device;
  
  (a) generating a dynamic device state at the industrial control devices from a data table holding representations of electrical signals of the electrical connectors of each control device and outputs from a diagnostic program monitoring the operation of the control device;
  
  (b) reading at least a portion of the dynamic device state to generate a dynamic signature;
  
  (c) encrypting the dynamic signature with a public key encryption; and
  
  (d) transmitting the dynamic signature over a network port;
  
  (2) at a security controller;
  
  (a) receiving a dynamic signature from at least one given control device through the network port and decrypting the dynamic signature;
  
  (b) analyzing the dynamic signature against rules establishing a multi-value range of acceptable dynamic signature values; and
  
  (c) providing an output indicating whether the received dynamic signature is outside the multi-value range of acceptable dynamic signature values.
- View Dependent Claims (20)
- - 20. The method of claim 19 wherein the portion of the dynamic device state includes data indicating electrical signals of the electrical connectors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Inventors
Chand, Sujeet, Vasko, David A., Boppre, Timothy Patrick, Snyder, David A., Nicoll, Alex Laurence, McMullen, Brian J., Seger, Daniel B., Dart, John B.

Granted Patent

US 10,042,354 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G05B 19/4185   characterised by the networ...

G05B 2219/31156   Network structure, internet

G05B 2219/45103   Security, surveillance appl...

G06F 21/54   by adding security routines...

G06F 21/55   Detecting local intrusion o...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G06F 21/6218   to a system of files or obj...

G06F 21/86   Secure or tamper-resistant ...

G06N 20/00   Machine learning

H04L 63/0428   wherein the data content is...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Y02P 90/80   Management or planning

Security System for Industrial Control Infrastructure using Dynamic Signatures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security System for Industrial Control Infrastructure using Dynamic Signatures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links